PHP 8.3 RFC: Built‑in json_validate Function

PHP 8.2 is currently in Release Candidate stage and PHP 8.3 is under development. The first accepted RFC for PHP 8.3 adds a built‑in JSON validation function called json_validate , which uses the same parser as json_decode to guarantee identical behavior.

Proposal

Signature

json_validate(string $json, int $depth = 512, int $flags = 0): bool

Parameters

json – the JSON string to validate (must be UTF‑8).

depth – maximum recursion depth, same default as json_decode .

flags – bitmask, currently supports JSON_INVALID_UTF8_IGNORE , identical to json_decode flags.

Return value

Returns true if the string is valid JSON, otherwise false .

Examples

Valid JSON:

var_dump(json_validate('{ "test": { "foo": "bar" } }'));
// bool(true)

Invalid JSON:

var_dump(json_validate('{ "": "": "" } }'));
// bool(false)

Errors can be inspected with json_last_error() or json_last_error_msg() .

Resolution Summary

All tested users reported correct behavior and welcomed the feature.

The majority of the PHP mailing list community approved the RFC and expects it in the next release.

Core reviewers consider the implementation small, easy to maintain, and highly beneficial.

The community actively discussed and provided feedback throughout the voting process.

Community Discussion

Key points from the discussion include the need for a lightweight validator for small JSON payloads, security benefits against denial‑of‑service attacks, and the desire for a function that does not allocate ZVAL structures.

Why Integrate

Drawbacks of using json_decode for validation

json_decode creates PHP values (arrays, objects) which consumes memory when only validation is required.

Drawbacks of regex‑based validation

Regular expressions diverge from the native parser, are error‑prone, and hard to maintain.

Drawbacks of custom implementations

Writing a JSON parser from scratch is difficult.

Custom parsers may become out‑of‑sync with json_decode , leading to inconsistent behavior.

PHP already provides a robust parser, making a duplicate unnecessary.

Existing PHP JSON parser

The new function reuses the existing parser, guaranteeing 100 % compatibility with json_decode .

Why It Was Not Added Earlier

Adding a small, user‑implemented validator was deemed undesirable.

The edge cases covered by json_validate affect only a tiny fraction of use‑cases, and adding many similar validators (XML, YAML, etc.) could bloat the core.

Changes During the RFC

Initially the proposal suggested throwing exceptions on certain errors, but after discussion the implementation was changed to simply return false , matching json_decode 's behavior.

Target Version

The function is slated for inclusion in the next PHP 8.x release (PHP 8.3).

Major Benefiting Projects

Symfony Framework – example class JsonValidator extends ConstraintValidator .

Laravel Framework – custom validator examples using json_decode and json_last_error .

WordPress CLI – is_json helper function.

StackOverflow Discussion

The topic "Fastest way to check if a string is JSON in PHP" is one of the highest‑voted questions on StackOverflow, with over 484 k views, and similar questions exist for Python and Java.

Conclusion

The RFC passed with 18 votes for and 1 against and is expected to be implemented in PHP 8.3, providing a lightweight, compatible JSON validation function for the PHP ecosystem.